It’s easy for us to assume protection so we can feel safe enough to move on with our lives, instead of questioning everything and being paranoid. We generally trust and don’t question:
So how did we learn these things?
Many of our parents, friends, and colleagues knew it was important enough to help us understand how to protect ourselves. They also knew that by helping to protect you, they were keeping themselves safer too, since you’re associated with them.
Ok, well who is going to teach us how to protect ourselves online - in cyberspace?
Unfortunately, most of our parents can’t pass down that knowledge, and the media only gives it to us in little soundbites, which is not exactly helpful when you’re worried about protecting a laptop, desktop, phone, tablet, 4 social media accounts, 2 emails, and 1 bank account.
And it’s not enough to trust institutions like Facebook to guard our data on their servers; Equifax to guard the information they collect and store on us; or our banks to block access attempts on our accounts via their websites - they’re trying to protect all of their users’ data and no one will ever care more about your own information than you.
Luckily, cybersecurity for our everyday lives or our small businesses is EXACTLY the same as protecting our physical lives: it comes down to security hygiene, like we talked about earlier. There’s no one technology, no one tool, no one action that will secure everything - in the same way you can’t rely on one lock to secure your entire house. It’s doing the basic cybersecurity things routinely.
So if the cavalry isn’t coming to save us, and we have to learn to do the “basic cybersecurity things,” where do we start?
Since you can’t secure everything at once, we recommend prioritizing by selecting the device or account you care about the most.
What should I care about the most?
List all of the accounts and devices you have and think about the data you store or transmit on them. Then score each device/account with two scores added together - how much you’d care if:
A. You lost access to the data on your device/account
(1 = I don’t care, 2 = I’d care but I’d get over it, 3 = I’d be devastated)
B. The data on your device/account was exposed
(1 = I don’t care, 2 = I’d care but I’d get over it, 3 = I’d be devastated).
Add those two scores together for your accounts and devices - the highest number is where you should start.
What if I don’t have time to do all that?
Pick one device or account where you know it would devastate you to lose access to the data on it or to have that data exposed. It can be an email account with VIP contacts on it (that hackers can spam), a laptop with family photos on it (that hackers can ransom for money), or your bank account.
Now that we’ve got our most important account or device, how do we go about actually securing it?
We’re developing a full cyber self defense checklist that you’ll be able to download, but in the meantime, these are the top 4 steps you can take on almost any account or device to protect your data:
1. Long, strong, unique password - stored securely.
Why “long?” Because the longer it is, the longer it takes a hacker to crack. Strong? Just avoid anything obvious - obvious means hackers will know to guess it. Unique? Not any of your other passwords. Why? Because if a hacker gets a hold of it, they’ll try it on all of your other accounts - it’s Hacking 101.
Stored securely? I recommend a password manager, not only because it stores your passwords encrypted on your phone, which you take with you almost everywhere, but also because it generates long, strong, unique passwords for you instantly, so you don’t have to think of them on your own. You’ll be able to shop for them soon at enabldsecurity.com.
2. Use two (or multi)-factor authentication (2FA).
How does this work? It’s like in the movies when Arnold Schwarzenegger has to show an ID and provide a verbal password - it’s two ways to gain access with something you have and something you know. For online accounts, it starts with a password (something you know) and the 2FA part is usually an app on your phone that you download and sync with your account; when you log in, the app gives you a code to enter, in addition to your password, to grant access and lock down your account. But it’s an extra step! Yes, but they’ve made the process easy and it makes your account nearly unhackable. Find 2FA for your account here.
3. Back up your data.
Why? Hackers go after your data either because they know it has street value (aka selling your credit card info or social security number on the Dark Web) or because you value it (they don’t care about your family photos, but they know you do). So they encrypt it and hold it ransom. If you routinely back up your data, then you have nothing to worry about. Consider using a cloud backup and storage like Box, Sookasa, or Dropbox.
4. Update the software on your devices.
Why? Hackers, like the ones who try and get you to click on a link in a spam email, take advantage of vulnerabilities in software - like your Windows or Mac operating systems (basically your desktop and how you interact with your computer) - in order to weasel their way in. By updating this software, you close those doors.
Our goal is to help you understand how steps like these, and the tools you use to accomplish them, protect you. Then, you’ll know how they fit into your overall protection and make you safer as a whole - otherwise, you might never trust these tips or tools. It’s the same way that, if you have a security system in your house, you know that to protect against break-ins you can’t just put an alarm on one door to be secure - you have to put an alarm on every door (and window) to help you feel safe.
We asked a lot of questions in this blog so you didn’t have to, because we think you’ve wanted to ask those same questions but didn’t know how or who to ask. Now, we hope you’ll feel comfortable asking us, knowing that others have the same concerns.
Help us help you - let us know what cyber self-defense info you want to learn by emailing us at email@example.com. We’ll cover it in our blog or our site and let you know when we post it.
We need your input in order to build something that helps you defend yourself. Sign up for our beta (trial) and be the first to check out our site as well as being an integral part in creating a free resource so that others can protect themselves too.
What is ENABLD?
ENABLD (enabldsecurity.com) is a free site that organizes cyber self-defense tools so that you can understand how they keep you safe and find the ones you need to protect what you care about.
We’d love to have you. Our motto is “empower the unprotected” - but we truly think that we all empower each other to keep us all safe.
You’re one of the over 143 million people whose data Equifax lost. Or you applied for a government job or clearance and your data was exposed during the OPM breach. Or you’ve had to deal with a hacker holding your files hostage with ransomware. Or you just have a hard time remembering all the passwords you have to create so you rely on the same one for everything.
Any way you cut it, chances are your trust and confidence in the ability to protect your information is horribly low, and it’s mostly our fault - the cybersecurity industry itself. We’re really bad at explaining how cyber protection works and why you should care.
Imagine if you lived in a house but didn’t know where all the doors and windows were, didn’t know how to lock them or who had keys to any of them, didn’t know how dangerous the neighborhood was, and didn’t know if there was a working home security system - it’d be pretty hard to feel safe enough to fall asleep every night.
So, you’d likely set about figuring all of that out and prioritizing it - find the windows and doors and lock them all, change all the locks if necessary, talk to neighbors to find out how safe the neighborhood is, test the home security system and add more security and privacy until you’re comfortable.
Many of us find it hard to apply the same concepts to protecting our data. Here’s why:
1. We (cybersecurity experts) fail to illustrate how valuable your data can be to you, especially once it’s gone or
2. We haven’t given you a full list, in order of importance and based on threats that you actually face (instead of every threat in the world), of cyber self-defense tasks you should do to secure your data, depending on if you’re more worried about losing access to your data or having it exposed.
3. We’re bad at explaining which tools and tips you can use to accomplish each of the security tasks necessary to protect
4. We’re also bad at explaining how those tools and tips work to protect you and your data in order for you to trust them in the first place.
And, if you don’t know what data to protect first, which tools and tips to use to protect your data, and how, why, and when to use those tools, how can anyone expect you to take the time to trust those tools enough to download them or spend money on them?
So, you end up not trusting those tools that would help you - and I can’t blame you. Not to mention, you see large companies spend millions on the newest cybersecurity industry tech and still get hacked and you think “What hope do I have?”
Well, we’re hoping it’s us. I created ENABLD in order to give people - even myself - hope for a day where we can feel confident that our most prized assets stay safe and our private lives stay private. We felt wrong working so hard to protect large companies but not being able to give our friends, families, and fellow small business owners a workable plan to protect the data, devices, and accounts they care about the most. We're sorry about that and if you stay tuned to our blogs and sign up for our newsletter, we'll give you the plans and tools you need to keep yourself safe online.
We all know that true safety is a myth. Lockpickers always pick the newest locks, someone always escapes prison, someone always sneaks into the concert, and hackers always find software to exploit. We all know nothing is for certain, but I think we’d still all worry less and enjoy life more if we weren’t always having to question how secure our data and private lives are.
Cyber self-defense isn't about picking the one, most expensive tool with the latest technology and hoping it'll stop all the bad guys - it's about understanding what tools are best for your budget and expertise level, to protect what you care about the most, and improving your defenses to match the technology of threats you face.
ENABLD will tackle at least a few of these problems for you. We think that if you know what data you value enough to protect, what tools and tips can best protect that data for your needs, and how, why, and when to use those tools and tips, then you’ll be much more likely to use those tools and keep your data much safer. And, you’ll feel confident you have a handle on protecting your data at a level you're comfortable with.
But we can’t do it without you . . .
SHAMELESS PLUG: join our beta, or trial, to be the voice that helps us protect you. We’d love to have you. Our motto is “empower the unprotected” - but we truly think that we all empower each other to keep us all safe.
By Matt Lembright @mattlembright
Yes. Yes. 100% yes, you should use a password manager.
"Wait, what - a password manager? You mean an app on my phone or laptop that helps me generate and remember complex passwords for each one of my accounts?"
Yes, exactly. Here are 6 reasons why you should use one:
1. You're not going to be able to remember unique, complex passwords for each one of your accounts.
2. Since you can't do #1, you'll repeat passwords, making it easier for hackers that gain access to one password to be able to access your other accounts.